Commit 8d7638c7 by Christian Brauner Committed by GitHub

Merge pull request #1417 from zorun/master

debian template: Allow to embed a SSH public key in the new container
parents ad7d44ff 9b6fb5d4
...@@ -181,6 +181,14 @@ EOF ...@@ -181,6 +181,14 @@ EOF
echo "Timezone in container is not configured. Adjust it manually." echo "Timezone in container is not configured. Adjust it manually."
fi fi
if [ -n "$authkey" ]; then
local ssh_dir_path="${rootfs}/root/.ssh"
mkdir -p "$ssh_dir_path"
cp "$authkey" "${ssh_dir_path}/authorized_keys"
chmod 700 "$ssh_dir_path"
echo "Inserted SSH public key from '$authkey' into /root/.ssh/authorized_keys"
fi
return 0 return 0
} }
...@@ -600,12 +608,13 @@ Usage: $1 -h|--help -p|--path=<path> [-c|--clean] [-a|--arch=<arch>] [-r|--relea ...@@ -600,12 +608,13 @@ Usage: $1 -h|--help -p|--path=<path> [-c|--clean] [-a|--arch=<arch>] [-r|--relea
[--mirror=<mirror>] [--security-mirror=<security mirror>] [--mirror=<mirror>] [--security-mirror=<security mirror>]
[--package=<package_name1,package_name2,...>] [--package=<package_name1,package_name2,...>]
[-I|--interpreter-path=<interpreter path>] [-I|--interpreter-path=<interpreter path>]
[-F | --flush-cache] [-F | --flush-cache] [-S|--auth-key=<keyfile>]
Options : Options :
-h, --help print this help text -h, --help print this help text
-p, --path=PATH directory where config and rootfs of this VM will be kept -p, --path=PATH directory where config and rootfs of this VM will be kept
-S, --auth-key=KEYFILE SSH public key to inject into the container as the root user.
-a, --arch=ARCH The container architecture. Can be one of: i686, x86_64, -a, --arch=ARCH The container architecture. Can be one of: i686, x86_64,
amd64, armhf, armel, powerpc. Defaults to host arch. amd64, armhf, armel, powerpc. Defaults to host arch.
-r, --release=RELEASE Debian release. Can be one of: wheezy, jessie, stretch, sid. -r, --release=RELEASE Debian release. Can be one of: wheezy, jessie, stretch, sid.
...@@ -634,7 +643,7 @@ EOF ...@@ -634,7 +643,7 @@ EOF
return 0 return 0
} }
options=$(getopt -o hp:n:a:r:cI:F -l arch:,clean,help,enable-non-free,mirror:,name:,packages:,path:,release:,rootfs:,security-mirror:,interpreter-path:,flush-cache -- "$@") options=$(getopt -o hp:n:a:r:cI:FS: -l arch:,auth-key:,clean,help,enable-non-free,mirror:,name:,packages:,path:,release:,rootfs:,security-mirror:,interpreter-path:,flush-cache -- "$@")
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
usage "$(basename "$0")" usage "$(basename "$0")"
exit 1 exit 1
...@@ -670,6 +679,7 @@ do ...@@ -670,6 +679,7 @@ do
--) shift 1; break ;; --) shift 1; break ;;
-a|--arch) arch=$2; shift 2;; -a|--arch) arch=$2; shift 2;;
-S|--auth-key) authkey=$2; shift 2;;
-I|--interpreter-path) -I|--interpreter-path)
interpreter="$2"; shift 2;; interpreter="$2"; shift 2;;
-c|--clean) clean=1; shift 1;; -c|--clean) clean=1; shift 1;;
...@@ -751,6 +761,19 @@ if [ "$(id -u)" != "0" ]; then ...@@ -751,6 +761,19 @@ if [ "$(id -u)" != "0" ]; then
exit 1 exit 1
fi fi
if [ -n "$authkey" ]; then
if [ ! -f "$authkey" ]; then
echo "SSH keyfile '$authkey' not found"
exit 1
fi
# This is mostly to prevent accidental uage of the private key instead
# of the public key.
if [ "${authkey: -4}" != ".pub" ]; then
echo "SSH keyfile '$authkey' does not end with '.pub'"
exit 1
fi
fi
current_release=$(wget "${MIRROR}/dists/stable/Release" -O - 2> /dev/null | head |awk '/^Codename: (.*)$/ { print $2; }') current_release=$(wget "${MIRROR}/dists/stable/Release" -O - 2> /dev/null | head |awk '/^Codename: (.*)$/ { print $2; }')
release=${release:-${current_release}} release=${release:-${current_release}}
valid_releases=('wheezy' 'jessie' 'stretch' 'sid') valid_releases=('wheezy' 'jessie' 'stretch' 'sid')
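Review bot: In the first hunk the copied key file never gets an explicit mode: `cp "$authkey" "${ssh_dir_path}/authorized_keys"` takes its permission bits from the source file (filtered by the caller's umask), and only the directory is tightened with `chmod 700 "$ssh_dir_path"`. If the `.pub` file is group- or world-writable and the template runs under a permissive umask, the resulting authorized_keys keeps those bits, which sshd with StrictModes enabled would presumably reject, so the key silently would not work. Setting the mode explicitly makes the result independent of the source, for example `chmod 600 "${ssh_dir_path}/authorized_keys"` after the copy, or `install -m 600 "$authkey" "${ssh_dir_path}/authorized_keys"` in place of `cp`. The enclosing function starts outside the hunk, so whether anything later resets the mode is not visible here.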